7.5 - USN-151-2

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

amd64-libs amd64-libs-dev dpkg dpkg-dev dselect ia32-libs ia32-libs-dev

On Ubuntu 4.10, the problem can be corrected by upgrading the affected package to version 0.5ubuntu2.1 (ia32-libs and ia32-libs-dev), 1.0ubuntu3.1 (amd64-libs and amd64-libs-dev), and 1.10.22ubuntu2.1 (dpkg, dpkg-dev, dpkg-doc and dselect).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected package to version 0.5ubuntu3.1 (ia32-libs and ia32-libs-dev), 1.1ubuntu0.1 (amd64-libs and amd64-libs-dev), and 1.10.27ubuntu1.1 (dpkg, dpkg-dev, dpkg-doc and dselect).

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams.

Most applications use the shared library provided by the "zlib1g" package; however, some packages contain copies of the affected zlib code, so they need to be upgraded as well.